Update docs/specification/draft/basic/security_best_practices.mdx

Co-authored-by: Stephen Halter <[email protected]>

Author: localden

docs/specification/draft/basic/security_best_practices.mdx

@@ -146,7 +146,7 @@ MCP servers **MUST NOT** accept any tokens that were not explicitly issued for t
 
 Session hijacking is an attack vector where a client is provided a session ID by the server, and an unauthorized party is able to obtain and use that same session ID to impersonate the original client and perform unauthorized actions on their behalf.
 
-#### 2.3.1 Session Highjack Prompt Injection
+#### 2.3.1 Session Hijack Prompt Injection
 
 ```mermaid
 sequenceDiagram